This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question about SMMU

Hi, ARM communities!

Following the documentation about SMMU for CCA, it seems that ARM has no plan for providing another bit to introduce REALM device, as ARM distinguishes secure peripherals through the NS bit.  

Also, it says that memory accesses made by SMMU will be governed by the GPT.

In this case, what happens when the device tries to access the physical pages belonging to CCA VM, which are set as RMM pages in GPT?

Does it always generate GPC faults?

If the answer is yes, is the intention of checking GPT for all SMMU's memory accesses to prevent the potentially malicious devices from accessing secure VM's memories? 

 

Parents
  • Last year support for Device Assignment to Realms was announced: https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2022

    In this case, what happens when the device tries to access the physical pages belonging to CCA VM, which are set as RMM pages in GPT?

    Does it always generate GPC faults?

    If a device tries to perform an access not permitted by the granule protection checks that will result in a fault.  Currently that would mean any device access to a Realm page, in future it would mean a device not permitted to access that Realm's page.

    If the answer is yes, is the intention of checking GPT for all SMMU's memory accesses to prevent the potentially malicious devices from accessing secure VM's memories? 

    In short - yes.  The system needs to prevent unauthorised accesses to a Realm's resources, whether those accesses come from a processor or an device.

Reply
  • Last year support for Device Assignment to Realms was announced: https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2022

    In this case, what happens when the device tries to access the physical pages belonging to CCA VM, which are set as RMM pages in GPT?

    Does it always generate GPC faults?

    If a device tries to perform an access not permitted by the granule protection checks that will result in a fault.  Currently that would mean any device access to a Realm page, in future it would mean a device not permitted to access that Realm's page.

    If the answer is yes, is the intention of checking GPT for all SMMU's memory accesses to prevent the potentially malicious devices from accessing secure VM's memories? 

    In short - yes.  The system needs to prevent unauthorised accesses to a Realm's resources, whether those accesses come from a processor or an device.

Children
No data